Applying intelligence to security and compliance in Office 365

Today’s post was written by Alym Rayani, director for Office Security and Compliance.

Given the explosive growth in data production, IT is tasked with securing a volume of corporate data that is growing exponentially. To stay ahead of the evolving threat landscape, companies need the ability to analyze and learn from that data in order to identify, intercept and respond to threats. Office 365 provides unmatched security intelligence to help customers protect, detect and respond to threats.

As part of the Office news that Kirk Koenigsbauer announced today at the Microsoft Ignite conference, we are pleased to introduce the following new security and compliance capabilities in Office 365:

Improvements to Office 365 Advanced Threat Protection

Since introducing Office 365 Advanced Threat Protection last year, we’ve seen significant adoption and are excited to announce several enhancements including:

  • New reports—Get better insights to malware activity. Security admins will have a new reporting dashboard to see details of malware that Office 365 Advanced Threat Protection is analyzing. The new reports will be in preview later this year.
  • Dynamic delivery—Better performance and lower latency for emails with attachments. Users will see a placeholder while attachments are scanned in a sandbox environment. If deemed safe, attachments are re-inserted into the email. Dynamic Delivery is starting to roll out to customers now.
  • URL detonation—Deeper protection against malicious URLs. Not only do we check a list of malicious URLs when a user clicks on a link, but Office 365 will also perform real-time behavioral malware analysis in a sandbox environment to identify malicious attachments. URL reputation checks are part of Advanced Threat Protection today; URL detonation will be in preview later this year.
  • Intelligence sharing with Windows Defender Advanced Threat Protection—Security admins will be able to see malware activity and relationships across Windows 10 and Office 365. Integration with Windows will be in preview in early 2017.
  • Broader protection—Advanced Threat Protection will extend to include protection for SharePoint Online, Word, Excel, PowerPoint and OneDrive for Business. These extended capabilities will be in preview in early 2017.

applying-intelligence-to-security-and-compliance-in-office-365-1

Advanced Threat Protection checking for malicious links in Word.

Availability: Advanced Threat Protection is available now as part of Office 365 E5 or as add-on to any Office 365 Enterprise plan. Windows Defender Advanced Threat Protection is available with Windows 10 Enterprise E5. Both are also available as part of Secure Productive Enterprise E5, available starting October 1, 2016.

Announcing Threat Intelligence

Organizations are being targeted with increasingly sophisticated attacks. Today, we’re pleased to announce Threat Intelligence, which helps you proactively uncover and protect against advanced threats by analyzing billions of data signals across Office consumer and commercial services. Threat Intelligence also provides deep insights from cyber threat hunters to create a comprehensive view of malware trends around the world. In addition, we’re integrating signals from Windows and Azure to help customers realize the full benefit of the Microsoft Cloud.

Security admins will see a dashboard with rich insights to do deep investigation of malware and will be able to integrate data with existing security management tools.

Threat Intelligence takes it a step further by alerting security admins and proactively creating and suggesting security policies to help protect you against malware. For example, if analytics show that attacks are happening in the financial industry, the service will alert customers in finance and related areas to the trend. Threat Intelligence will also dynamically create and suggest additional security policies to help protect you before they get to your network.

Availability: Threat Intelligence will be available in the first quarter of 2017 and will be included as part of the Office 365 Enterprise E5 plan and the new Secure Productive Enterprise E5 offering.

With Threat Intelligence, you can monitor and protect against risks before they hit your organization.

Announcing Advanced Data Governance

We’re also pleased to announce we are bringing Advanced Data Governance to Office 365 to help customers manage the exploding volume and increasing complexity of corporate data. We’re applying intelligence to help you achieve organizational compliance and automate data retention.

You’ll be able to classify, set policy and take action on the data that is most relevant for your organization and industry, with recommendations driven by behavioral analysis and machine learning.

Advanced Data Governance will include the following capabilities:

  • Import—Intelligently import only the data you need from on-premises and third-party archives using classifications such as age, data type, user or groups, sensitivity or importance.
  • Policies—Policy recommendations are provided, based on machine assisted insights of your data, classifications, tenant, organization, industry, geography and more. Recommendations may include delete, move, encrypt or share.
  • Retention—Intelligently preserve only what’s important to you by using classifications such as keywords, age, data type, user or group, sensitivity, importance. Integration with line-of-business systems allows you to trigger retention based upon events, such as creation of a human resources record.

Advanced Data Governance will help organizations apply the right actions to preserve high value data and purge redundant or obsolete data.

Availability: Advanced Data Governance will be available in the first quarter of 2017 and will be included as part of the Office 365 Enterprise E5 plan and the new Secure Productive Enterprise E5 offering.

applying-intelligence-to-security-and-compliance-in-office-365-3

The intelligence behind Advanced Data Governance helps achieve organizational compliance.

Updates to Advanced Security Management

Earlier this year, we launched Advanced Security Management to help give organizations visibility and control over security in Office 365. This week, we are adding a new feature called Productivity App Discovery, which will help IT pros and security operations teams understand their organization’s usage of Office 365 and other productivity cloud services. This will help them to better determine the extent to which shadow IT is occurring in their organization.

applying-intelligence-to-security-and-compliance-in-office-365-4

Productivity App Discovery shows usage of Office 365 and other productivity cloud services.

In October, we will release another feature called App Permissions, which will assist in monitoring applications that users are connecting to Office 365.

Availability: Advanced Security Management is available now as part of the Office 365 E5 or as add-on to any Office 365 enterprise plan. It will also be available as part of Secure Productive Enterprise E5, available starting October 1, 2016.

These new capabilities enable organizations to take advantage of intelligence built in to Office 365 and protect, detect and respond to threats, while reducing risk and maintaining compliance. To learn more, visit us at Microsoft Ignite in Atlanta or join us online.

For more information about our trust principles and how we manage security, privacy and compliance, please visit the Office 365 Trust Center at trust.office365.com.

—Alym Rayani